Microsoft security teams reported detection of a new vulnerability in the print queue that can be exploited by malicious hackers to elevate their privileges on the target system.
This report came just a couple of weeks after the company announced the release of updates for two remote code execution flaws. The flaws were identified as PrintNightmare and caused hysteria among the cybersecurity community.
The flaw was tracked as CVE-2021-34481 and resides in the Windows Print Spooler service. According to the company, the flaw was reported by researcher Jacob Baines of security firm Dragos.
A successful attack would allow hackers to execute arbitrary code with SYSTEM privileges, allowing programs to be installed, view, change, or delete data, or create new accounts with full user rights. To resolve the error, administrators and users must stop and disable the Print Spooler service.
This vulnerability adds to a growing list of flaws impacting Windows Print Spooler, although this flaw doesn’t seem especially risky compared to PrintNightmare. It is Baines himself who mentions that while the error is related to the print driver, the attack is not really related to PrintNightmare. The expert plans to reveal more about the vulnerability during his next presentation at DEF CON in August.
It should be remembered that the problems with Print Spooler began on Tuesday, June 30, when a proof of concept (PoC) was released for a vulnerability that would allow threat actors to take control of the affected systems.
There was a lot of confusion about that. Although Microsoft released an update for CVE-2021-1675 in its usual series of monthly updates, fixing what it thought was a minor elevation of privilege vulnerability, the list was updated later in the week after researchers at Tencent and NSFOCUS TIANJI Lab discovered it could be used to abuse the remote code execution bug.
However, soon after it became clear to many experts that Microsoft’s initial patch did not fix the whole problem. The federal government even stepped in this process, offering its own mitigation for PrintNightmare, also recommended by Microsoft.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.